Merge branch 'Azure:master' into master

Author: jaspreet-saini

.github/workflows/runAsimSchemaAndDataTesters.yaml

@@ -2,7 +2,7 @@
 # The script runs ASIM Schema and Data testers on the "eco-connector-test" workspace.
 name: Run ASIM tests on "ASIM-SchemaDataTester-GithubShared" workspace
 on:
-  pull_request_target:
+  pull_request:
     types: [opened, edited, reopened, synchronize]
     branches:
       - master

.github/workflows/solutionIntegration.yaml

@@ -2,7 +2,7 @@ name: Solution Integration Testing
 run-name: Running Solution Integration Testing on ${{ github.ref_name }} 
 
 on: 
-  pull_request_target:
+  pull_request:
     types: [opened, edited, reopened, synchronize]
     branches:
       - master

.script/tests/KqlvalidationsTests/CustomTables/ContrastADRIncident_CL.json

@@ -0,0 +1,78 @@
+{
+  "Name": "ContrastADRIncident_CL",
+  "Properties": [
+   
+    {
+      "Name": "TimeGenerated",
+      "Type": "datetime"
+    },
+    {
+      "Name": "incidentId_s",
+      "Type": "String"
+    },
+    {
+      "Name": "incidentName_s",
+      "Type": "String"
+    },
+    {
+      "Name": "status_s",
+      "Type": "String"
+    },
+    {
+      "Name": "score_d",
+      "Type": "Real"
+    },
+    {
+      "Name": "severity_s",
+      "Type": "String"
+    },
+    {
+      "Name": "url_s",
+      "Type": "String"
+    },
+    {
+      "Name": "createdTime_t",
+      "Type": "datetime"
+    },
+    {
+      "Name": "summary_s",
+      "Type": "String"
+    },
+    {
+      "Name": "source_s",
+      "Type": "String"
+    },
+    {
+      "Name": "eventType_s",
+      "Type": "String"
+    },
+    {
+      "Name": "alertType_s",
+      "Type": "String"
+    },
+    {
+      "Name": "alertReason_s",
+      "Type": "String"
+    },
+    {
+      "Name": "organizationUuid_g",
+      "Type": "String"
+    },
+    {
+      "Name": "relatedRules_s",
+      "Type": "String"
+    },
+    {
+      "Name": "recommendedActions_s",
+      "Type": "String"
+    },
+    {
+      "Name": "recommendedRunbooks_s",
+      "Type": "String"
+    },
+    {
+      "Name": "timestamp_t",
+      "Type": "datetime"
+    }
+  ]
+}

.script/tests/KqlvalidationsTests/CustomTables/ContrastADR_CL.json

@@ -73,6 +73,10 @@
          "Name": "cloudResourceId_s",
          "Type": "String"
       },
+      {
+         "Name": "incident_id_s",
+         "Type": "String"
+      },
       {
          "Name": "codeLocation_file_s",
          "Type": "String"
@@ -81,6 +85,11 @@
          "Name": "codeLocation_method_s",
          "Type": "String"
       },
+
+      {
+         "Name": "host_hostname_s",
+         "Type": "String"
+      },
       {
          "Name": "codeLocation_stack_s",
          "Type": "String"
@@ -268,6 +277,10 @@
       {
          "Name": "attackValue_s",
          "Type": "String"
+     }, 
+     {
+         "Name": "request_headers_referer_s",
+         "Type": "String"
      }
     ]
 }

.script/tests/KqlvalidationsTests/CustomTables/MDBALogTable_CL.json

@@ -0,0 +1,33 @@
+{
+    "Name":"MDBALogTable_CL",
+    "Properties":[
+        {
+            "Name": "TimeGenerated",
+            "Type": "datetime"
+        },
+        {
+            "Name": "severity",
+            "Type": "string"
+        },
+        {
+            "Name": "category",
+            "Type": "string"
+        },
+        {
+            "Name": "id",
+            "Type": "int"
+        },
+        {
+            "Name": "ctx",
+            "Type": "string"
+        },
+        {
+            "Name": "msg",
+            "Type": "string"
+        },
+        {
+            "Name": "attr",
+            "Type": "dynamic"
+        }
+    ]
+}

.script/tests/KqlvalidationsTests/CustomTables/ThreatIntelObjects.json

@@ -0,0 +1,109 @@
+{
+    "Name": "ThreatIntelObjects",
+    "Properties": [
+        {
+          "Name": "TenantId",
+          "Type": "string"
+        },
+        {
+          "Name": "TimeGenerated",
+          "Type": "datetime"
+        },
+        {
+          "Name": "WorkspaceId",
+          "Type": "string"
+        },
+        {
+          "Name": "AzureTenantId",
+          "Type": "string"
+        },
+        {
+          "Name": "Id",
+          "Type": "string"
+        },
+        {
+          "Name": "SourceSystem",
+          "Type": "string"
+        },
+        {
+          "Name": "LastUpdateMethod",
+          "Type": "string"
+        },
+        {
+          "Name": "IsDeleted",
+          "Type": "bool"
+        },
+        {
+          "Name": "AdditionalFields",
+          "Type": "dynamic"
+        },
+        {
+          "Name": "Data",
+          "Type": "dynamic"
+        },
+        {
+          "Name": "IsActive",
+          "Type": "bool"
+        },
+        {
+          "Name": "Revoked",
+          "Type": "bool"
+        },
+        {
+          "Name": "ValidUntil",
+          "Type": "datetime"
+        },
+        {
+          "Name": "ValidFrom",
+          "Type": "datetime"
+        },
+        {
+          "Name": "Created",
+          "Type": "datetime"
+        },
+        {
+          "Name": "Modified",
+          "Type": "datetime"
+        },
+        {
+          "Name": "Tags",
+          "Type": "string"
+        },
+        {
+          "Name": "Confidence",
+          "Type": "int"
+        },
+        {
+          "Name": "Pattern",
+          "Type": "string"
+        },
+        {
+          "Name": "ObservableKey",
+          "Type": "string"
+        },
+        {
+          "Name": "ObservableValue",
+          "Type": "string"
+        },
+        {
+          "Name": "Type",
+          "Type": "string"
+        },
+        {
+          "Name": "_ResourceId",
+          "Type": "string"
+        },
+        {
+          "Name": "ExpirationDateTime",
+          "Type": "datetime"
+        },
+        {
+          "Name": "NetworkIP",
+          "Type": "string"
+        },
+        {
+          "Name": "ThreatType",
+          "Type": "string"
+        }
+      ]
+}

.script/tests/KqlvalidationsTests/CustomTables/VeeamAuthorizationEvents_CL.json

@@ -0,0 +1,81 @@
+{
+    "Name": "VeeamAuthorizationEvents_CL",
+    "Properties": [
+        {
+            "Name": "TenantId",
+            "Type": "string"
+        },
+        {
+            "Name": "SourceSystem",
+            "Type": "string"
+        },
+        {
+            "Name": "MG",
+            "Type": "string"
+        },
+        {
+            "Name": "ManagementGroupName",
+            "Type": "string"
+        },
+        {
+            "Name": "TimeGenerated",
+            "Type": "datetime"
+        },
+        {
+            "Name": "Computer",
+            "Type": "string"
+        },
+        {
+            "Name": "RawData",
+            "Type": "string"
+        },
+        {
+            "Name": "CreatedBy",
+            "Type": "string"
+        },
+        {
+            "Name": "CreationTime",
+            "Type": "datetime"
+        },
+        {
+            "Name": "Description",
+            "Type": "string"
+        },
+        {
+            "Name": "ExpirationTime",
+            "Type": "datetime"
+        },
+        {
+            "Name": "Id",
+            "Type": "string"
+        },
+        {
+            "Name": "Name",
+            "Type": "string"
+        },
+        {
+            "Name": "ProcessedBy",
+            "Type": "string"
+        },
+        {
+            "Name": "ProcessedTime",
+            "Type": "datetime"
+        },
+        {
+            "Name": "State",
+            "Type": "string"
+        },
+        {
+            "Name": "VbrHostName",
+            "Type": "string"
+        },
+        {
+            "Name": "Type",
+            "Type": "string"
+        },
+        {
+            "Name": "_ResourceId",
+            "Type": "string"
+        }
+    ]
+}